{"id":39861,"date":"2021-03-02T14:00:12","date_gmt":"2021-03-02T14:00:12","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=92886"},"modified":"2021-03-02T14:00:12","modified_gmt":"2021-03-02T14:00:12","slug":"microsoft-unifies-siem-and-xdr-to-help-stop-advanced-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-unifies-siem-and-xdr-to-help-stop-advanced-attacks\/","title":{"rendered":"Microsoft unifies SIEM and XDR to help stop advanced attacks"},"content":{"rendered":"

For all of us in security, the last twelve months have been an incredible series of challenges\u2014from balancing remote work with family priorities, to helping build resilient businesses, and protecting against the latest attacks. 2020 showed us that while we have made great progress, there is still a lot we can do as individuals, organizations, and as a community to keep secure. Here at Microsoft, we\u2019re committed to applying these learnings to help create a stronger, more unified approach to security for all\u2014no matter what platform you\u2019re on, device you\u2019re trying to protect, or cloud your data is in.<\/p>\n

To help protect against advanced attacks, last September at Microsoft Ignite we shared our vision to create the most complete approach to securing your digital landscape, all under a single umbrella<\/a>. We combined the breadth of Azure Sentinel, our cloud-native SIEM (security information and event management) with the depth of Microsoft 365 Defender and Azure Defender, our XDR (extended detection and response) tools, to help fight against attacks that take advantage of today\u2019s diverse, distributed, and complex environments.<\/p>\n

Today we are taking the next step in unifying these experiences and delivering enhanced tools and intelligence to stop modern threats.<\/p>\n

Unified experiences<\/h2>\n

Most SIEMs on the market today simply take logs from multiple sources. Azure Sentinel<\/strong><\/a> accepts logs across your environment with many third-party security products and can go a step further with Azure Defender and Microsoft 365 Defender. Starting today, incidents, schema, and alerts <\/strong>are shared between Azure Sentinel and Microsoft 365 Defender. This means you get a unified view in Azure Sentinel, then can seamlessly drill down into an incident for more context in Microsoft 365 Defender.<\/p>\n

For example: Start in Azure Sentinel for your bird\u2019s eye view to understand an overarching incident, then move directly into Microsoft 365 Defender to investigate an asset or a user in more detail. You can even remediate and close the incident directly within Microsoft 365 Defender, all while maintaining bi-directional syncing with Azure Sentinel. This is next level SIEM integration you won\u2019t find anywhere else.<\/p>\n

On the Microsoft 365 Defender<\/strong><\/a> side, we are working to reduce the number of portal experiences. The goal is to have a single unified XDR experience for securing end-user environments, rather than a suite of products. Today marks a significant milestone in that effort as we integrate the capabilities<\/a> of Microsoft Defender for Endpoint and Defender for Office 365 together into the unified Microsoft 365 Defender portal. These changes simplify tasks that would require multiple experiences across comparable products in the market. <\/strong>We have also taken the opportunity to significantly enhance the email entity page with a new 360-degree view of email alerts<\/strong> with relevant context and email alert capabilities.<\/p>\n

Enhanced tools and intelligence to stop advanced attacks<\/h2>\n

As well as unifying the capabilities of Microsoft Defender for Endpoint and Defender for Office 365 into Microsoft 365 Defender, we have also created new enhanced experiences including:<\/p>\n